← back
CVE-2026-12276

LA-Studio Element Kit for Elementor < 1.6.1 - Unauthenticated Open Registration

CVSS 5.3 MEDIUMEPSS 0.1%
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.3EPSS 0.1%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
10 Jul 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The LA-Studio Element Kit for Elementor WordPress plugin before 1.6.1 does not check whether user registration is enabled on the site before creating an account through one of its unauthenticated AJAX actions, allowing unauthenticated attackers to register new accounts even when registration has been disabled site-wide.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N